timing analysis

A type of side-channel attack on a cryptosystem that involves measuring the relative times cryptographic operations take. Some cryptographic algorithms take different amounts of time for different values of the key used or data being encrypted, for whatever reason. If the attacker can measure the relative times these operations take, that will give her information about the key that she would not have had otherwise. The method was first formally described by Paul Kocher in the 1995 paper "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSA, and Other Systems". The attack is very powerful, having the ability to recover private key information simply by measuring the amount of time a system takes to, say, encipher a certain bit of data. It even works in the presence of external noise such as network latency, because it is possible to filter out this noise by making more measurements.

This attack can be avoided by causing the cryptographic operations to take constant time as much as possible no matter what the inputs. Another way of defeating a timing analysis attack would be to introduce a "blinding" factor that involves a secret random number, that would serve to randomize the time a particular cryptographic operation takes. This method was incorporated into the BSAFE cryptographic library to protect its RSA implementation from timing attacks, starting with version 3.0.

Most block cipher algorithms, such as DES, 3DES, and Rijndael are immune to this type of attack, while others, such as RC5, are vulnerable on some platforms, because primitive operations they use do not take constant time. As previously noted, RSA and Diffie-Hellman are vulnerable, however ElGamal is not, because it utilizes a certain random factor every time it performs encryption or decryption.